package com.juzipi.demo.controller;//package com.juzipi.demo.controller;

/**
 * security 学习记录吧，方便以后看
 */

@RestController
@RequestMapping("test")
public class HelloController {


    @GetMapping("hello")
    public String hello(){

        return "security";
    }


    @GetMapping("index")
    public String test(){

        return "index";
    }


    @GetMapping("update")
    //@Secured 用户具有某个角色可以访问方法,可以传多个权限角色
    //需要在开启注解加上 securedEnabled = true
    @Secured({"admins","role"})
    public String update(){

        return "hello update";
    }


    @GetMapping("select")
    //@PreAuthorize：适合进入方法前的权限验证，
    //可以将登录用户的 roles/permissions 参数传到方法中
    //需要在开启注解加上 prePostEnabled = true
    @PreAuthorize("hasAnyAuthority('admins')")
    public String select(){

        return "hello select";
    }


    @GetMapping("insert")
    //@PostAuthorize 在方法执行之后再进行权限验证，适合验证带有返回值的权限
    //需要在开启注解加上 prePostEnabled = true
    @PostAuthorize("hasAnyAuthority('admins')")
    public String insert(){

        System.out.println("insert");

        return "hello insert";
    }


    @GetMapping("delete")
    @PostAuthorize("hasAnyAuthority('admins')")
    //@PostFilter 权限验证之后对数据进行过滤
    @PostFilter("filterObject.username=='admin1'")
    public List<Users> delete(){

        ArrayList<Users> list = new ArrayList<>();
        list.add(new Users(2L,"admin1","147"));
        list.add(new Users(3L,"admin2","258"));
        System.out.println(list);
        return list;
    }


    @PostMapping("all")
    @PostAuthorize("hasAnyAuthority('admins')")
    //@PreFilter 进入控制器之前对数据进行过滤
    @PreFilter(value = "filterObject.id%2!=0")
    public List<Users> all(@RequestBody List<Users> list){
        list.forEach(t->{
            System.out.println(t.getId()+","+t.getUsername()+","+t.getPassword());
        });

        return list;
    }


}
